[Zope] [announce] Local File System product

Evan Gibson egibson@connect.com.au
Wed, 27 Oct 1999 09:54:24 +1000 

On Tue, Oct 26, 1999 at 11:12:55AM -0700, Jonothan Farr wrote:
> That's closer to how I was planning to allow access control for specific
> directories and files. The problem with this approach is that I don't want
> to make the objects that represent directories or files in the local file
> system persistent Zope objects, which would be necessary to store access
> control data in the ZODB. I like the 'access' file approach for that reason,
> but I don't like the fact that it wouldn't be manageable throught the Zope
> interface. 

The problem is that if it _is_ completely manageable through the Zope
interface then, if someone manages to get manage permission under Zope
(could happen due to an accident in permissions and local roles) then
they then can look at files all over your box and use that information
to get access to that.
For damage control reasons you want it so that if people break into your
Zope instance they _only_ get access to Zope. 
With the access file people could always open it up completely if they
wanted to, but it should be the users choice to do that, and it should
be spelled out clearly in the installation instructions.
People should have to _explicitly_ say which parts of their system they
want Zope to get access to, and the default should be close to none.

> I honestly haven't come up with a really good solution yet.

There isn't a good solution that gives you security and still lets you
edit through zope... Unless you can actually _trust_ the domains that
are passed through (Basically as long as people can't fake their ip's)
then you could have a list of ip addresses (once again stored in a file
on the harddrive, with the default being 127.0.0.1) and let people from
those domains edit the access list (still stored as a file) through zope.

Every time you open things up to make it easier you increase the risk.


> --jfarr

-- 
  Evan ~ThunderFoot~ Gibson    ~ nihil mutatem, omni deletum ~
      May the machines watch over you with loving grace.